Indemnification assurance for community edition open source

Bristol-based LinuxIT is launching an indemnification programme to underwrite community-based open source software. The company claims to be able to provide organisations with a “guarantee and assurance at zero risk”, no less.

This arguably somewhat questionable claim is achieved by LinuxIT’s process of “verifying open source software” by running it through an accreditation process.

The programme is backed by an as yet unnamed “leading” global insurance-based financial services provider and a LinuxIT Service Level Agreement (SLA), which the company says enables LinuxIT to fix or replace software that does not work as expected. Cover to the value of £5m is provided.


“Open source software comprises commercial and community versions, commercial where you pay for a structured development process and have the reassurance of indemnification and essential support,” said Peter Dawes-Huish, CEO of LinuxIT.

“While the community options are free, there can be no guarantee of a structured development process and reassurance of indemnification and support. We understand why organisations in the past have backed away from the community product,” he added.

When a customer purchases LinuxIT’s Open Source Software Indemnification Program (they use American spelling in Bristol these days it seems), the company then guarantees the performance of the OSS item against an enterprise Service Level Agreement (SLA).

If the software doesn’t work as expected due to a bug or another problem, then the programme guarantees that it will be fixed or replaced with a technology that does, within an agreed timeframe. The insurance backing ensures that funds and resources are always available to meet the SLA.

I found this whole story highly dubious at first glance. Why would any company want to place an indemnification guarantee on open source software that has “exposed dynamic libraries” subject to the pressure of (albeit usually positive) constant change from the community?

Surely some customers need to evidence static libraries for legal compliance and regulatory pressures, and so even LinuxIT’s indemnification will not work, right?

I questioned this aspect and also the company’s pricing model before agreeing to run this story.

LinuxIT CEO Peter Dawes-Huish told me, “There is no pricing model as part of the programme as we do not charge for the service.”

“When the OSS code is live with dynamic libraries, we are able to guarantee a structured development process because we take a snapshot of the version of the code in the customer’s live environment and indemnify that version. If the software is not working as expected, we take it, get a developer to fix the code and then we put it back into the customer’s environment. We then feed back our amendments into the project to accommodate future changes,” Dawes-Huish explained.

I’m not convinced, but I did find out that LinuxIT was (or is) the first Red Hat Premier Partner in the UK, so there may be more substance in this story than the sceptical observer might first take away.
